Utility Nukes Windows Genuine Advantage Callbacks

A private security company has found a way to nuke the controversial callback component in Microsoft's Windows Genuine Advantage anti-piracy tool.

Firewall Leak Tester, a company that provides tools to test the quality of personal firewall software, has released a utility called RemoveWGA that blocks Microsoft from "phoning home" from Windows PCs on a daily basis.

"Once the WGA Notification tool has checked your OS and has confirmed you had a legit copy, there is no decent point or reason to check it again and again every boot," the company said in a note explaining its motive for releasing the tool.

The WGA tool, which is a mandatory part of the Redmond, Wash., software maker's battle to curb Windows piracy, includes two separate components: WGA validation and WGA notifications. Validation determines whether the copy of Windows installed is pirated or not,
whom Microsoft believes are not running "genuine Windows" and "suggest" where they can "learn more about the benefits of using genuine Windows software."

However, Notifications has been "phoning home" to Microsoft's servers on a daily basis, and Windows users are up in arms over potential privacy and security risks. Microsoft insists the callbacks are a "safety check" to ensure that WGA can be terminated quickly if things went amok, but this was never communicated to users until the week of June 4.

On June 8, Microsoft announced plans to tweak the WGA to only check for a new settings file every 14 days.

However, Firewall Leak Tester warned that connecting to Microsoft is a legitimate security issue for corporate networks and a privacy issue for Windows users worldwide. "It is also unclear which information [is being] transmitted," the company said, arguing that Microsoft has used "deceptive ways" to get users to install the tool.

Microsoft ships the WGA tool as part of its monthly batch of security patches.
Firewall Leak Tester said the RemoveWGA utility will only remove the Notification part of Microsoft's tool. "The Validation part is mandatory for some, not critical downloads from Microsoft, but the Notification part is not mandatory at all, and you are able to install all of the security updates without installing this one," the company explained.

The utility works on Windows XP (SP1 and SP2) and is set up to alert the user if the WGA notification tool is active on the system and remove that component from activating at start-up.

It's not the first time Microsoft's WGA program has been cracked by hackers and third parties. Back in May 2005, a security researcher in India discovered an uncomplicated and easy-to-exploit weakness in the tool, which is used to check whether consumer and small-business customers are running legitimately licensed copies of Windows XP.

Debasis Mohanty, a private vulnerability researcher and analyst of malicious programs, published a detailed proof-of-concept demonstration to show how the WGA validation check can be defeated to generate key codes for use on illegal copies of Windows XP.